Releases: ministryofjustice/cloud-platform-terraform-ecr-credentials
7.1.0
What's Changed
- feat: add dependabot to cloud platform project workflow by @mikebell in #110
- Bump actions/setup-go from 2 to 5 by @dependabot in #106
- Bump terraform-docs/gh-actions from 1.0.0 to 1.2.0 by @dependabot in #112
- chore: bump example version by @timckt in #117
- ♻️ Refactor GitHub Actions to Store ECR Registry URL as a Secret by @jasonBirchall in #119
New Contributors
Full Changelog: 7.0.0...7.1.0
v7.0.0
What's Changed
- Update example to use the latest release by @poornima-krishnasamy in #103
- Repo vars condition by @sj-williams in #109
Full Changelog: 6.1.1...7.0.0
Breaking Changes
Headline:
If optional github_environments
field is set, any pre-existing default repository ECR secrets and variables will be deleted.
This release introduces functionality that could potentially break some existing GitHub Actions pipelines that utilise GitHub Secrets and Variables. Please read this guidance thoroughly and check that your GitHub Actions workflows are configured correctly.
Action required
If you’re using the ECR module in your environment, and are not setting the optional github_environments
field, then this 7.0.0
update will have no impact on your CI/CD workflows and you can ignore this guidance.
If you are setting the github_environments
field, then you should be accessing your ECR secrets and variables:
ECR_ROLE_TO_ASSUME
ECR_REGION
ECR_REPOSITORY
(these will vary if you are setting github_actions_prefix
in your module call)
from your own defined GitHub environments within your repository workflows. This can be verified by reviewing your GitHub Actions yaml ECR build configurations and verifying that your ECR secrets and variables are scoped within an environment
block, similar to the below workflow snippet:
on:
push:
branches: [main]
jobs:
ecr:
environment: development # <-- Your environment name here
runs-on: ubuntu-latest
...
...
steps:
...
# Assume role in Cloud Platform
- uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }} # <-- environment scoped secret
aws-region: ${{ vars.ECR_REGION }} # <-- environment scoped variable
Should you find any ECR secrets or variables that are referenced outside of an environment
block's scope, then you are still using the default repository GitHub variables, and you must remediate before updating.
6.1.1
What's Changed
- Standardise tags and versions by @jakemulley in #94
- Update README by @jakemulley in #95
- Add output description, update README, add policy Sid to allow policy merging by @jakemulley in #96
- Bump actions/checkout from 3 to 4 by @dependabot in #97
- Bump version used in template and by CLI to latest release by @jakemulley in #98
- feat(tf): add validation for modules variables by @jackstockley89 in #101
New Contributors
- @dependabot made their first contribution in #97
- @jackstockley89 made their first contribution in #101
Full Changelog: 6.1.0...6.1.1
v6.1.0
What's Changed
- Bump example version by @jakemulley in #91
- List + delete images by @ushkarev in #93
New Contributors
Full Changelog: 6.0.0...6.1.0
v6.0.0
What's Changed
- Refactor .github/ directory to bring in line with cloud-platform-terraform-template by @jakemulley in #83
- Add IRSA by @jakemulley in #84
- Add canned lifecycle policies by @jakemulley in #85
- Update example with latest release by @poornima-krishnasamy in #86
- Update README and versions.tf by @jakemulley in #88
- Remove ability to turn off scan_on_push by @jakemulley in #89
- Remove access keys by @jakemulley in #87
- Add tags by @jakemulley in #90
Full Changelog: 5.3.0...6.0.0
5.3.0
What's Changed
- Bump example version by @jakemulley in #80
- Fix incorrect link by @davidkelliott in #81
- Ready for deletion by @sj-williams in #82
New Contributors
- @davidkelliott made their first contribution in #81
Full Changelog: 5.2.0...5.3.0
v5.2.0
What's Changed
- Bump example version by @jakemulley in #77
- Add CircleCI OIDC provider configuration by @jakemulley in #78
- Update workflows, examples, tests and README for new users by @jakemulley in #79
Full Changelog: 5.1.4...5.2.0
v5.1.4
What's Changed
- Fix bug where IAM role isn't created but secrets are if oidc_providers isn't provided by @jakemulley in #74
- Fix typing of repos_envs by @jakemulley in #75
- Refactor GitHub OIDC integration by @jakemulley in #76
Full Changelog: 5.1.3...5.1.4
v5.1.3
What's Changed
- Make GitHub Actions variables uppercase by @jakemulley in #73
Full Changelog: 5.1.2...5.1.3
v5.1.2
What's Changed
- Create OIDC integration for GitHub by @jakemulley in #71
Full Changelog: 5.1.1...5.1.2